make the altcha challenge a smidge easier

handle password field of signup form properly, and verify altcha solution
add sqlite feature to devcontainer for test DB
2025-11-09 18:09:29 +00:00 · 2025-11-09 18:05:44 +00:00 · 2025-11-09 18:05:04 +00:00
3 changed files with 21 additions and 21 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -14,7 +14,8 @@

 	// Features to add to the dev container. More info: https://containers.dev/features.
 	"features": {
-		"ghcr.io/devcontainers/features/docker-in-docker:2": {}
+		"ghcr.io/devcontainers/features/docker-in-docker:2": {},
+		"ghcr.io/warrenbuckley/codespace-features/sqlite:1": {}
 	},

 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
--- a/slopserver/models.py
+++ b/slopserver/models.py
@@ -73,8 +73,7 @@ def url_validator(urls: list[str]) -> list[ParseResult]:
    return parsed_urls

 def altcha_validator(altcha_response: AltchaPayload):
-    # verified = verify_solution(altcha_response, TEMP_HMAC_KEY)
-    verified = (True, None)
+    verified = verify_solution(altcha_response, TEMP_HMAC_KEY)
    if not verified[0]:
        raise ValueError(f"altcha verification failed: {verified[1]}")
    return None
--- a/slopserver/server.py
+++ b/slopserver/server.py
@@ -134,13 +134,13 @@ async def signup_form(form_data: Annotated[SignupForm, Form()]):
        raise HTTPException(status_code=409, detail="User already exists")

    # create user
-    create_user(form_data.email, get_password_hash(form_data.password), DB_ENGINE)
+    create_user(form_data.email, get_password_hash(form_data.password.get_secret_value()), DB_ENGINE)

@app.get("/altcha-challenge")
 async def altcha_challenge():
    options = ChallengeOptions(
        expires=datetime.now() + timedelta(minutes=10),
-        max_number=100000,
+        max_number=80000,
        hmac_key=TEMP_HMAC_KEY
    )
    challenge = create_challenge(options)
@@ -154,24 +154,24 @@ async def simple_login(username: Annotated[str, Form()], password: Annotated[str
    token = generate_auth_token(username)
    return {"access_token": token, "token_type": "bearer"}

-@app.post("/altcha-challenge")
-async def altcha_verify(payload: Annotated[Base64Str, AfterValidator(altcha_validator)]):
-    # if verified, return a JWT for anonymous API access
-    expiration = datetime.now() + timedelta(days=30)
-    uuid = uuid4()
-    bearer_token = {
-        "iss": "slopserver",
-        "exp": int(expiration.timestamp()),
-        "aud": "slopserver",
-        "sub": str(uuid),
-        "client_id": str(uuid),
-        "iat": int(datetime.now().timestamp()),
-        "jti": str(uuid)
-    }
+# @app.post("/altcha-challenge")
+# async def altcha_verify(payload: Annotated[Base64Str, AfterValidator(altcha_validator)]):
+#     # if verified, return a JWT for anonymous API access
+#     expiration = datetime.now() + timedelta(days=30)
+#     uuid = uuid4()
+#     bearer_token = {
+#         "iss": "slopserver",
+#         "exp": int(expiration.timestamp()),
+#         "aud": "slopserver",
+#         "sub": str(uuid),
+#         "client_id": str(uuid),
+#         "iat": int(datetime.now().timestamp()),
+#         "jti": str(uuid)
+#     }

-    encoded_jwt = jwt.encode(bearer_token, TOKEN_SECRET, ALGO)
+#     encoded_jwt = jwt.encode(bearer_token, TOKEN_SECRET, ALGO)

-    return encoded_jwt
+#     return encoded_jwt
Author	SHA1	Message	Date
Jack Case	e8189ed832	make the altcha challenge a smidge easier	2025-11-09 18:09:29 +00:00
Jack Case	c0600f527f	handle password field of signup form properly, and verify altcha solution	2025-11-09 18:05:44 +00:00
Jack Case	ed6065a6ea	add sqlite feature to devcontainer for test DB	2025-11-09 18:05:04 +00:00